

package kin.system.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import java.util.Iterator; 

import javax.inject.Inject;


import kin.bean.security.User;
import kin.manager.security.UserManager;
import kin.serviceIMP.security.UserServiceManagerIMP;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager; 
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException; 
import org.springframework.security.access.ConfigAttribute; 
import org.springframework.security.access.SecurityConfig; 
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;

import org.springframework.security.authentication.InsufficientAuthenticationException; 
import org.springframework.security.core.Authentication; 
import org.springframework.security.core.GrantedAuthority;    

import org.springframework.security.web.FilterInvocation;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.PathMatcher;
public class MyAccessDecisionManager implements AccessDecisionManager {    
    
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {    
        if(configAttributes == null) {    
            return;    
        }    
        //所请求的资源拥有的权限(一个资源对多个权限)    
        Iterator<ConfigAttribute> iterator = configAttributes.iterator();    
        while(iterator.hasNext()) {    
            ConfigAttribute configAttribute = iterator.next();    
            //访问所请求资源所需要的权限    
            String needPermission = configAttribute.getAttribute();    
            System.out.println("needPermission is " + needPermission);    
            //用户所拥有的权限authentication    
            for(GrantedAuthority ga : authentication.getAuthorities()) {  
            	//System.out.println("ga is "+ga.getAuthority().toString());
                if(needPermission.equals(ga.getAuthority())) {    
                    return;    
                }    
            }    
        }    
        //没有权限    
        throw new AccessDeniedException(" 没有权限访问！ ");    
    }    
    
    public boolean supports(ConfigAttribute attribute) {    
        // TODO Auto-generated method stub    
        return true;    
    }    
    
    public boolean supports(Class<?> clazz) {    
        // TODO Auto-generated method stub    
        return true;    
    }    
        
}    
	   
	



 